On 10/11/2013 09:02 AM, John Griffith wrote:

> As Matt pointed out there's an option to turn off secure-delete
> altogether.  The reason for the volume_clear setting (aka secure delete)
> is that since we're allocating volumes via LVM from a shared VG there is
> the possibility that a user had a volume with sensitive data and
> deleted/removed the logical volume they were using.  If there was no
> encryption or if no secure delete operation were performed it is
> possible that another tenant when creating a new volume from the Volume
> Group could be allocated some of the blocks that the previous volume
> utilized and potentially inspect/read those blocks and obtain some of
> the other user's data.

Sounds like we could use some kind of layer that will zero out blocks on read if they haven't been written by that user.

That way the performance penalty would only affect people that try to read data from the volume without writing it first (which nobody should actually be doing).

Chris


_______________________________________________
OpenStack-dev mailing list
[email protected]
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev